What is the significance of all the users and groups?

March 4, 2015 1.1k views
LEMP Getting Started Linux Basics Ubuntu

I'm a newbie just kind of toying with setting up a web server. I found a tutorial that said to change ownership of a new domain's directory to www-data:www-data but then I noticed the default directory was root:root.

So I now have these questions:

  1. I found that there is already a user and group called www-data but what does that mean?
  2. When someone visits the website they're viewing it as the www-data user?
  3. Is that a default user or is it something nginx created?
  4. Does the www-data group have limited permissions or something?
2 Answers
  1. It's the user nginx runs under
  2. Nginx is viewing it as the www-data user
  3. Yes
  4. Same permissions as any non-super user
  • If www-data is nginx's user and group then why is the default html folder root:root and what if any difference does it make?

When a folder is "user:group" you are referring to the fact that the folder is owned by user "user" who belongs to group "group". When a folder is created (in this case, /var/www), the ownership goes to the user who created it. When the VPS was created, it was created by the root user so the folders . You can change the ownership to www-data:www-data or you can change permissions to allow NGINX (or any program operating at www-data:www-data) certain permissions (which is a whole other topic in itself).

If you wanted to change ownership of the folder to www-data and pretty much give NGINX full access, open up the console and issue the command "chown www-data:www-data /var/www" (if you are the root user). If you aren't the root user, you'll need to prefix the above command with "sudo".

If you wanted to change the permissions, that's a much more in depth command but generally speaking, you use the command "chmod". Google it and there are plenty of articles that will go into the permissions more in depth.

  • I guess I'm just confused at whether or not changing ownership to www-data is even necessary because the default web-accessible nginx directory is owned by root:root so it would seem that since that works fine I don't really need to worry who owns the folders for each domain, right?

    I was just wondering because a tutorial I was reading about server blocks mentions changing the ownership of the domain folders but it would seem like that isn't truly necessary as even by default nginx doesn't seem to need it.

Have another answer? Share your knowledge.